JSI Tip 9410. How can the 'net user' command return a comma delimited string of a domain user's local or global group membership?

Using the net user command, I have scripted GetGroups.bat to return a comma delimited string containing a domains user's local or global group membership.

The syntax for using GetGroups.bat is:

call GetGroups User L|G

Where User is the User Name (sAMAccountName) and L|G is an L if you wish to return Local group membership, or a G if you wish to return Global group membership.

The output is displayed on the console, but can be redirected to a file, or processed with a FOR command. A global membership string might look like:

"Domain Admins","accountants","Schema Admins","Enterprise Admins"

GetGroups.bat contains:

@echo off
if \{%2\}==\{\} goto syntax
set user=%1
set gt=%2
if /i "%gt%" EQU "L" goto OK
if /i "%gt%" NEQ "G" goto syntax
set grps=
set ft=NONE
for /f "Tokens=1-3 Delims=*" %%g in ('net user %user% /domain^|find "*"') do (
 set wrk=%%g#
 call :group
 set wrk=%%h#
 call :group
 set wrk=%%i#
 call :group
@echo %grps%
goto :EOF
@echo Syntax: GetGroups User L^|G
goto :EOF
if /i "%wrk:~0,5%" EQU "Local" set ft=L&goto :EOF
if /i "%wrk:~0,6%" EQU "Global" set ft=G&goto :EOF
if /i "%ft%" NEQ "%gt%" goto :EOF
if "%wrk:~0,1%" EQU "#" goto :EOF
if "%wrk:~0,1%" EQU " " goto :EOF
set grp=%wrk:  =%
set grp=%grp: #=%
set grp=%grp:#=%
if defined grps set grps=%grps%,
set grps=%grps%"%grp%"

Hide comments


  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.